WCF Interop with Axis2 using WS-Trust

We are trying to get WCF and Java to talk to each other using SAML tokens released from STS. Despite the fact that both parties comply with the standards of WS-Security, WS-Trust, WS-Policy, etc., they do not seem to talk to each other, and one or the other will throw critical exceptions or ignore security headers.

We use .NET 3.5, WCF federation binding on the MS side, and Axis2 / Rampart / Rahas on the Java side.

Could anyone do this work?

+7
java interop wcf saml sts-securitytokenservice
5 answers

Axis2 is incomplete in terms of WS standards compliance.

Recently (last month) I went through the POC stage, where Axis2 completed my WS-* compliance tests (in particular, WS-AT, WS-Coordination).

Take a look at Project Metro. Sun and Microsoft collaborated on the WCF and JAX-WS interop "right".
https://metro.dev.java.net/

+6

I would also not recommend Axis2 on the Java side, if possible. It would apparently be easier with Glassfish or JAX-WS, although I never tested it.

I ran into these problems trying to make WCF and Axis2 work together. Check the version of the standard used in the WSDL file; in our case this does not match.

+3
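
The WSDL version check suggested in the answer above, as an added example that is not part of the original answers: it lists which WS-Trust, WS-SecurityPolicy, WS-Policy and WS-Addressing namespace versions each side's WSDL references and reports the specs where they differ. The two sample WSDLs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

# Namespace URI -> (spec, version) for both generations of each WS-* spec.
KNOWN = {
    "http://schemas.xmlsoap.org/ws/2005/02/trust": ("WS-Trust", "2005/02"),
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512": ("WS-Trust", "1.3"),
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy": ("WS-SecurityPolicy", "1.1"),
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702": ("WS-SecurityPolicy", "1.2"),
    "http://schemas.xmlsoap.org/ws/2004/09/policy": ("WS-Policy", "1.2"),
    "http://www.w3.org/ns/ws-policy": ("WS-Policy", "1.5"),
    "http://schemas.xmlsoap.org/ws/2004/08/addressing": ("WS-Addressing", "2004/08"),
    "http://www.w3.org/2005/08/addressing": ("WS-Addressing", "1.0"),
}

def spec_versions(wsdl_bytes):
    """Map each known spec to the set of versions a WSDL declares or uses."""
    found = {}
    # "start-ns" also reports xmlns declarations that no element uses.
    # For WSDLs from untrusted sources, parse with defusedxml instead.
    events = ET.iterparse(BytesIO(wsdl_bytes), events=("start-ns", "start"))
    for event, item in events:
        uri = item[1] if event == "start-ns" else item.tag.partition("}")[0].lstrip("{")
        if uri in KNOWN:
            spec, version = KNOWN[uri]
            found.setdefault(spec, set()).add(version)
    return found

def mismatches(wsdl_a, wsdl_b):
    """Specs both WSDLs reference, but with different version sets."""
    a, b = spec_versions(wsdl_a), spec_versions(wsdl_b)
    return {s: (sorted(a[s]), sorted(b[s])) for s in a.keys() & b.keys() if a[s] != b[s]}

# Constructed sample policies (not taken from the page).
TEMPLATE = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="{sp}" xmlns:t="{t}">
  <wsp:Policy><sp:IssuedToken><sp:RequestSecurityTokenTemplate>
    <t:KeyType>{t}/SymmetricKey</t:KeyType>
  </sp:RequestSecurityTokenTemplate></sp:IssuedToken></wsp:Policy>
</wsdl:definitions>"""
SAMPLE_A = TEMPLATE.format(sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
                           t="http://schemas.xmlsoap.org/ws/2005/02/trust").encode()
SAMPLE_B = TEMPLATE.format(sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
                           t="http://docs.oasis-open.org/ws-sx/ws-trust/200512").encode()

if __name__ == "__main__":
    for spec, (a, b) in sorted(mismatches(SAMPLE_A, SAMPLE_B).items()):
        print(f"{spec}: side A uses {a}, side B uses {b}")
```

To use it on real services, pass the bytes of the WSDL saved from each endpoint to `mismatches` in place of the two samples.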

I assume the server side is Axis2; this is not clear, but it is more common.

If you program interoperable web services in Java, you should consider switching to JAX-WS, not only because the Axis2 programming model is a little strange, but often the code is incomplete. Of course, I came across partially implemented functions previously; it was also difficult for me to determine which testing for interaction was performed using the Microsoft stack.

I would say that you have a much better chance in the future using the JAX-WS stack. One of the main reasons is that Sun engineers spend some time with Microsoft engineers to make sure their stacks are compatible and that they accurately interpret the specifications. In addition, the programming model is simpler and can be controlled by annotations. It also makes deployment and maintenance easier. The additional container for servicing .AAR files and messing around to remove Axis2 from the service endpoint can simply be ignored: the endpoint can simply be thought of as a servlet.

There is documentation on how people get SAML to work with JAX-WS: http://www.jroller.com/gmazza/entry/using_the_opensaml_library_in

If you cannot move away from Axis2, I think a similar strategy should be used, where you intercept a token and authenticate before it receives a service endpoint call.

See: http://www.omg.org/news/meetings/workshops/Web_Services_USA_Manual/02-3_K_Smith.pdf

http://www.mail-archive.com/axis-user@xml.apache.org/msg10292.html

http://www2.sys-con.com/ITSG/virtualcd/WebServices/archives/0303/secrist/index.html

+2

We have successfully tested Rampart scripts for WS-Trust with WCF on both the client and server.

BTW Rampart does not yet support WS-Federation scripts, and your security policy may be related to it. [FYI - WS-Federation will be available with Rampart in the middle of next year].

If you can attach security policies, we can carefully read them.

+1